Become an AI red teamer who can break systems and ship the fix
Attack real LLM apps, RAG pipelines, and agents on live sandboxed targets, then ship and verify the fixes that stop them. For the people who build them and the people who break them.
What you'll break, and fix
Eight capabilities, previewed with each module's animation. Most labs end by writing and verifying the fix.
Map the AI attack surface. Where trusted instructions and untrusted data collide, mapped to OWASP and MITRE ATLAS.
About this path
Most AI security content is compliance PDFs and curse-word jailbreak demos. This is the opposite: a lab-first path where you attack deliberately vulnerable LLM applications, RAG pipelines, and agents running in real sandboxes, and every exploit is confirmed by an automated check. You'll reproduce the techniques behind real-world incidents like EchoLeak and map each one to the OWASP LLM Top 10, the OWASP Agentic Top 10 (2026), and MITRE ATLAS. Then every module turns to defense, with a dedicated lecture, a hardening lab, and a project where you harden the same target and a grader re-runs your own exploit to prove the fix holds.
Skills you'll put on a resume
- Map the attack surface of an LLM app, RAG pipeline, and agent, and build a harness that measures attack-success-rate
- Exploit indirect prompt injection delivered through retrieved documents, tool output, and inter-agent messages
- Poison a RAG knowledge base and exploit retrieval, embedding, and cross-tenant isolation failures
- Exploit improper output handling into real sinks: XSS, SSRF, command and SQL injection, and unreviewed code execution
- Exploit excessive agency (confused deputy, tool-scope escalation, memory poisoning) and re-scope agents to least privilege
- Attack the agentic supply chain: MCP tool poisoning, rug pulls, tool shadowing, and inter-agent propagation
- Extract hidden system prompts and force sensitive-information disclosure
- Automate red teaming with garak, PyRIT, and promptfoo, and gate CI on attack-success-rate regression
- Run a full LLM/agent VAPT engagement and deliver a professional report with working exploits and verified remediations
For
For builders and breakers of LLM apps. If you ship RAG pipelines, assistants, or agents, you'll learn to attack your own system and harden it before someone else does. If you come from security, you'll learn how LLM apps are wired and where they break. We build both on-ramps.
Prerequisites
- Comfortable with Python and calling an HTTP API (scripting a small client, reading a codebase)
- Curiosity about how LLM apps work or how they break. We build both the AI and the web-security mental models as we go
- No machine-learning background and no security background assumed
Ready to start?
Pro gives you all 22 labs in this path, every other lab on Preporato, and every practice test. $29.99/mo, cancel anytime.